Jsf1 Do Junos Cli
-
Upload
michele-brunelli -
Category
Documents
-
view
241 -
download
0
Transcript of Jsf1 Do Junos Cli
-
7/31/2019 Jsf1 Do Junos Cli
1/66
-
7/31/2019 Jsf1 Do Junos Cli
2/66
JUNOS
Software Fundamentals Series
Day One: Exploring the JUNOS CLI
By Cathy Gadecki and Michael Scruggs
Chapter 1: Introducing the CLI . . . . . . . . . . . . . . . . . . . . . . . 1
Chapter 2: Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Chapter 3: Understanding Operational Mode . . . . . . . . . . . 23
Chapter 4: Discovering Configuration Mode . . . . . . . . . . . . 31
Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
-
7/31/2019 Jsf1 Do Junos Cli
3/66
2009 by Juniper Networks, Inc. All rights
reserved. Juniper Networks, the Juniper Networkslogo, JUNOS, NetScreen, and ScreenOS are
registered trademarks of Juniper Networks, Inc. in
the United States and other countries. JUNOSe is a
trademark of Juniper Networks, Inc. All other
trademarks, service marks, registered trademarks,
or registered service marks are the property of
their respective owners.
Juniper Networks assumes no responsibility for
any inaccuracies in this document. Juniper
Networks reserves the right to change, modify,transfer, or otherwise revise this publication
without notice. Products made or sold by Juniper
Networks or components thereof might be covered
by one or more of the following patents that are
owned by or licensed to Juniper Networks: U.S.
Patent Nos. 5,473,599, 5,905,725, 5,909,440,
6,192,051, 6,333,650, 6,359,479, 6,406,312,
6,429,706, 6,459,579, 6,493,347, 6,538,518,
6,538,899, 6,552,918, 6,567,902, 6,578,186, and
6,590,785.
Published by Juniper Networks
Printed in the USA by Vervante.com
Editor: Nancy Koerbel
Literary Management: Ames & Eames, Inc.
Revision: v2 April 2009
About the Authors
Cathy Gadecki is a Senior Product MarketingManager at Juniper Networks responsible for
JUNOS Software. Her publications include co-
authoringJUNOS for Dummies, a practical guide
to JUNOS Software.
Michael Scruggs is a Technical Publications
Manager at Juniper Networks.
Authors Acknowledgments
The authors want to thank the many people who
assisted us in creating this book. Our literary
manager, Patrick Ames, provided abundantpublishing expertise in defining the Day One series
and developing this first booklet. Nancy Koerbel
assisted by editing our writing. Susan
Harris helped in researching and drafting early
editions of this book. Jonathan Looney and
Michael Bushong provided examples and exercises
along with their extensive expertise. Jeff Mattan
assisted with promotions. And the numerous
contributing writers to Juniper Networks
Technical Publications and Juniper Networks
Education Services who provided us with referencematerials, descriptions, and examples. We would
also like to thank Michelle Bhatia and Bernadette
Willis for their helpful support.
ii
-
7/31/2019 Jsf1 Do Junos Cli
4/66
Welcome to Day One
Day One booklets help you to get started quickly in a new topic withjust the information that you need on day one.
They are designed to provide straightforward explanations, step-by-step instructions, and many detailed examples that are easy to follow.The Try It Yourselfsections let you practice commands, configura-tions, and other steps on your own at your laptop or terminal. Lookfor margin tips along the way, including best practices, alerts, shortcuts, tips, and notes.
Why Day One booklets?
Its a simple premise you want to use your Juniper equipment asquickly and effectively as possible. You dont have the time to wadethrough all the documents that are available to you. You may not evenknow where to start. All you want to know is what to do on day one.The JUNOS Software Fundamentals Series allows you to get right toit, one booklet at a time.
Show Me
With a focus on doing, Day One booklets include lots of examples foryour inspection. Try these examples yourself, if you choose. Theexamples show screen output in a fixed-width font with the commandsthat you enter inboldface.
Before You Begin
To access the JUNOS CLI, you must first have access to the deviceitself, either through the out-of-band console port or the in-bandmanagement port. As each network is different, it is beyond the scope
of this booklet to walk you through the process of logging in todeployed equipment. So before attempting to log in, you need tounderstand how your network is set up or have physical access to thedevice.
If you need information on accessing your device, see the Quick Startguide for your product at www.juniper.net/techpubs/.
-
7/31/2019 Jsf1 Do Junos Cli
5/66
What this booklet offers you
Day One: Exploring the JUNOS CLIwill help you to understand thecommands and mechanics of the command-line interface. Subsequentbooklets in the JUNOS Software Fundamentals Series will leveragethis understanding and help you complete the set up of your devices torun in your network.
When youre done with this booklet, youll be able to:
PNavigate the CLIs operational mode and configuration mode onany device run by JUNOS Software.
PUnderstand the hierarchies that underlie each mode.
PGet onboard help and use keyboard shortcuts to speed up yourwork.
PShow device status, alarms, and other helpful information inoperational mode.
PModify, save, and load configuration files with minimal risk tooperations.
PUse basic configuration mode commands such as show, set, anddelete.
PCapitalize on the safety features of the JUNOS Software commit
model.
PPrepare system changes in advance.
PUse the shortcuts and tips of experienced users and avoid commonproblems.
iv
-
7/31/2019 Jsf1 Do Junos Cli
6/66
What you need to know before reading
Day One: Exploring the JUNOS CLIlays the foundation for learningJUNOS Software and understanding later Day One booklets thatappear in the JUNOS Software Fundamentals Series.
Day One: Exploring the JUNOS CLIis for first-time users of JUNOSor Juniper products, but it is written so that it might also serve as areference or refresher for more experienced JUNOS administrators.
An understanding of basic networking concepts will be helpful as youwork your way through these pages.
And how to give us feedback
Do you have a comment or a great idea that might work as a Day Onebooklet? Wed like to hear your constructive comments and critiques.Please, if you have time, drop us an email at [email protected].
mailto:%[email protected]:%[email protected] -
7/31/2019 Jsf1 Do Junos Cli
7/66
Jump In!
And for those of you with no patience... Go ahead and jump ahead toyour own path of discovery on your new JUNOS-based device (in thefactory-default configuration) by using these four steps.
Step 1: Connect Connect your management PC to the console port of your newJuniper device using a null-modem or rollover cable, turn on thePC and start its terminal emulation program, and then power upthe Juniper box.
Step 2: Log In At the login prompt, enter rootand at the password promptpress Enter. What it looks like with user input in bold:
host (ttyd0)
login: rootpassword:
Step 3: Enter the CLI After you are authenticated, you enter the UNIX shell. To get tothe CLI from the prompt, enter cli. What it looks like with user inputin bold:
root@Amnesiac% cli
Step 4: Explore Youre now in the operational mode of the command-line interface.Enter a question mark anywhere in the command hierarchy, andyoull immediately see a list of possible entries. Go ahead and tryit, enter ?.
See that? Its the list of the valid commands at the top of the operation-al mode hierarchy. You can also use the question mark to find out thevalid possibilities to complete a command. For example:
user@Amnesiac > show i?
Displays all the possible show commands that start with the letteri.Look around ... see what else you can discover. What happens whenyou enter configure?
vi
-
7/31/2019 Jsf1 Do Junos Cli
8/66
Chapter 1
Introducing the CLI
Outlining the Command Modes . . . . . . . . . . . . . . . . . . . . .2
Understanding Operational Command Hierarchies . . . . . 3
Understanding Configuration Statement Hierarchies . . . . .4
-
7/31/2019 Jsf1 Do Junos Cli
9/66
2 Day One: Exploring the JUNOS CLI
The command-line interface (CLI) is the software interface used to
access your device. From here you configure the platform, monitor itsoperations, and adjust the configuration as needed.
If youve operated other networking devices, the JUNOS CLI shouldseem familiar, but you will also quickly notice that there are some newand different commands. No need to fret. These changes provide a richset of new tools and safeguards that help you efficiently manage yournetwork and maintain high uptime.
The command-line interface includes lots of shortcuts and commandsto get help. Master these shortcuts and commands, and youll spendmuch less time pounding away on your keyboard. With just a littleeffort, youll soon learn why so many people say that JUNOS saves
them time (often lots of it), reduces repetitive tasks, and helps them toavoid mistakes.
J-Web
If youd prefer to use a web GUI rather than the CLI, take a look at J-Web, the powerful web-based management interface available on
JUNOS devices. J-Web lets you perform the same actions available inthe command-line interface. It provides practical tools to monitor,configure, troubleshoot, and manage your device.
MORE? Go to the J-Web technical documentation for your device at www.juniper.net/techpubs/.
Outlining the Command Modes
The first step to exploring the JUNOS CLI is to understand its twocommand modes:
n Operational mode: manage and monitor device operations. Forexample, monitor the status of the device interfaces, check chassisalarms, and upgrade and downgrade the devices operating system.
n Configuration mode: configure the device and its interfaces. Theseinclude user access, interfaces, protocols, security services, and systemhardware properties.
-
7/31/2019 Jsf1 Do Junos Cli
10/66
Chapter 1: Introducing the CLI
Figure 1.1 Hierarchical Structure of the JUNOS CLI Modes
The JUNOS CLI structures the activities of each mode into hierarchies,as illustrated in Figure 1.1. The hierarchy of each mode is made up ofcascading branches of related functions commonly used together.
The structured hierarchy of the command-line interface is one of themany distinctive aspects of the JUNOS CLI preferred by users. Bylogically grouping activities, the JUNOS CLI provides a regular,consistent syntax helpful for knowing where you are, finding what youwant, moving around the interface, and entering commands.
Understanding Operational Command Hierarchies
When you first log in to the CLI, the command-line interface is at thetop level of the CLIs operational mode.
On the next page, Figure 1.2 provides a view of the CLIs tree structurefrom the top of the operational mode, with an example of its cascadinghierarchy through the showcommand. For example, the showconfigurationhierarchy includes: access, chassis, firewall, groups,etc. The structured grouping of commands makes it easy to movequickly up and down the hierarchical path or to a specific functionanywhere in the CLI.
Top Level Node
2nd Level Nodes
3rd Level Nodes
-
7/31/2019 Jsf1 Do Junos Cli
11/66
Figure 1.2 Top of the Operational Mode Tree
NOTE The top level of each hierarchy is much like the top of the UNIXfilesystem (\), and both the operational mode and configuration modehierarchies are similar to the directory structure on UNIX systems, PCs,and Macs. Youll learn more about the operational mode in Chapter 3.
Understanding Configuration Statement Hierarchies
Configuration mode has a hierarchical structure logically groupingrelated configuration statements. This structure eases configuration set
up, review, and modification by allowing you to more readily find andview related statements. Figure 1.3 illustrates a portion of the con-figuration tree, with nodes such as systemand interfacesat the 2ndlevel of the hierarchy.
Figure 1.3 Top of the Configuration Mode Tree
top
clear configure file help monitor set show etc.
chassis cli configuration host log security system etc.
acce ss cha ss is fi re wa ll gr oups i nter fa ces s er vi ce s se curi ty e tc.
top
access chassis firewall groups inter faces ser vices system etc.
account ing archival license location por ts ser vices sy slog et c.
finger ftp netconf outbound
ssh
ssh telnet xnm-ssl etc.
4 Day One: Exploring the JUNOS CLI
-
7/31/2019 Jsf1 Do Junos Cli
12/66
Chapter 1: Introducing the CLI
The configuration statement hierarchy includes two types of state-
ments:n container statements: contain other statements that is theyhave subordinate configuration levels
n leaf statements: do not contain other statements, they are at theend of a particular hierarchical path
Configuration Syntax
The command-line interface displays the hierarchy of theconfiguration mode through specific syntax. The following example
highlights what you need to know to read a JUNOS CLI configurationlisting:
[edit]
system {
services {
ftp;
}
}
1. The [edit]banner indicates the starting hierarchy level of thelisting.
2. The CLI shows the hierarchy of the configuration by indenting eachsubordinate level.
3. The CLI indicates container statements with open and closed curlybraces ({ }). In the above example, systemand servicesare cascadingcontainer statements.
4. The CLI indicates leaf statements with a semicolon (;). In theabove example, ftp; is a leaf statement.
NOTE While the organizational structure within the configuration is similarto C or other programming languages, you do not need to understand
programming to understand the configuration file. It simply is anoutline view (remember English class) of the configuration. Once youunderstand how the outline view works, you will find that the configu-ration is very easy to read and navigate.
-
7/31/2019 Jsf1 Do Junos Cli
13/66
6 Day One: Exploring the JUNOS CLI
Configuration Command Banner
You can always determine where you are in the configurationhierarchy by referring to the configuration command banner, shown asthe [edit] banner in the example above. When you are in deeperlevels of the hierarchy, the [edit]banner displays the entirehierarchical path. For example, the banner [edit system services]indicates a place of the hierarchy lying within services at the 3rd level,within system at the 2nd level, and within the root first level.
Thus, the following two configuration statements for the FTP serviceare equal. In the first, you are looking at the statement from the rootlevel of the hierarchy; and so the ftp;statement is shown in this listing
within the systemand servicescontainer statements.[edit]
system {services {
ftp;}
}
In the second example, you are viewing the ftp;statement fromdeeper within the hierarchy, specifically within the systemandserviceshierarchies. As you are deeper within the hierarchy, thecommand-line only displays the ftp;statement.
[edit system services]ftp;
The flexibility to work at a specific sublevel in the hierarchy is helpfulwhen you want to focus on just a small portion of the configuration.
Youll learn to navigate through the configuration hierarchy inChapter 4.
But for now, lets get started using the CLI. Its fast, its easy, and youcant get lost because youre using JUNOS.
-
7/31/2019 Jsf1 Do Junos Cli
14/66
Chapter 2
Getting Started
Logging In . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Switching Between Operational and Configuration Modes .9
Using Keystroke Shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . .9
Getting Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Filtering Output with the Pipe Command and More . . . . .15
Working With Shells . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Logging Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
-
7/31/2019 Jsf1 Do Junos Cli
15/66
8 Day One: Exploring the JUNOS CLI
If you have access to a device in a lab or other nonoperational environ-
ment, follow along with the examples on these pages while exploringthe CLI. You can enter the commands and examples on your device aswell as practice your new skills by using our Try It Yourselfsegments.
To access the CLI, you must connect to the device and then log in. Ifyou need help connecting to your device and logging in, see the QuickStart for your product or go to the URL mentioned below. Beforelogging in to explore the CLI, you need to understand how yournetwork is set up or have physical access to the device.
The instructions in this Day One booklet also assume that the devicesmanagement console has already been configured, and you can log into the device using a pre-designated user name and password through
the management console. This is the standard and recommendedmethod for accessing the CLI on your device.
MORE? For information on accessing the device out of the box, see the QuickStartguide for your product at www.juniper.net/techpubs/.
Logging In
To access the management port from a networked device:
1. Open a command window.
2. If necessary, log in to the gateway server with direct access to theJUNOS device.
telnet gatewayserveruser: usernamepassword: password
Oftentimes, the routers, switches, and security devices are on asubnet behind a gateway router that prevents unauthorized accessto these devices.
3. Log in to the device.
telnet routernameuser: usernamepassword: password
If the devices IP address is managed by a DNS server, you cansimply log in using the designated domain name. Otherwise, youcan log in using the unique IP address of the management port.
-
7/31/2019 Jsf1 Do Junos Cli
16/66
Chapter 2: Getting Started
Switching Between Operational and Configuration Modes
As you monitor and configure a device, you need to switch between theoperational mode and the configuration mode. When you change toconfiguration mode the command prompt also changes. The opera-tional mode prompt is a right angle bracket (>). The configurationmode prompt is a pound sign (#).
To switch from operational mode to configuration mode, issue theconfigurecommand:
mike@juniper1> configure
SHORT CUT When issuing the configurecommand, simply type co. Since no other
command starts with those two letters, the CLI will recognize thecommand and auto-fill the rest of the command for you.
To exit back to operational mode, issue the exit configuration-modecommand, or even shorter, the exitcommand.
mike@junper1# exit
NOTE Keep in mind that if you made configuration changes, you mustcommit these changes before exiting configuration mode for them totake effect, which is covered in Chapter 4.
Using Keystroke Shortcuts
The JUNOS CLI offers numerous ways to save keystrokes when usingthe command-line, including keyboard sequences and command
completion.
All standard Unix keyboard shortcuts are available to you when youare logged in to the JUNOS device. This is true whether you are in oneof the shells, or in the CLI. These shortcuts offer options to shortenkeystrokes. It may take a few days for shortened keystrokes to becomesecond nature; however, once you have the muscle memory, theseshortcuts can save you lots of typing time.
The CLI stores every entered command in its command history. At anycommand prompt, the up and down arrow keys let you scroll throughthis history (on a VT100 terminal type). You can re-use commandsthat you previously entered, or modify them as needed. Keyboardsequences can save you much time, for example, when you are config-uring similar items on the device, or you are repeating operationalcommands, such as when you are debugging an issue.
-
7/31/2019 Jsf1 Do Junos Cli
17/66
10 Day One: Exploring the JUNOS CLI
SHORT CUT Use these time saving keyboard shortcuts:
Go to next in command history Down arrow or Ctrl+n
Go to previous in command history Up arrow or Ctrl+p
Go to beginning of line Ctrl+a
Go to end of line Ctrl+e
Go left one character Ctrl+b
Go right one character Ctrl+f
Go forward one word Esc+f
Go backward one word Esc+b
Delete character over cursor Ctrl+d
Delete word after cursor Esc+d
Delete word before cursor Esc+backspace
Delete text from the cursorto end of the line Ctrl+k
Delete the line Ctrl+u
Paste the deleted text at cursor Ctrl+y
Command CompletionThe CLI provides command completion to further speed your typing inboth modes. Command completion automatically finishes partiallytyped commands, filenames, and user names, so you dont need torecall the exact syntax of the desired input string. Command comple-tion is a big help to new users, easing their transition to the newcommand-line interface.
The spacebar completes most CLI commands. The tab key not onlycompletes CLI commands, but also filenames and user-defined vari-ables such as policy names, community names, and IP addresses. When
the completion of the command or argument is ambiguous, keying inspace or tab lists the possible completions:
[edit]
mike@juniper1# show ii is ambiguous
Possible completions:
-
7/31/2019 Jsf1 Do Junos Cli
18/66
Chapter 2: Getting Started
igmp Show Internet Group Management Protocol
ike Show Interface Key Exchange Information
interfaces Show Interface Informationipsec Show IP Security Information
isis Show Intermediate System-to Intermediate
SHORT CUT Common abbreviations from other operating systems, such as sh int,are available in JUNOS. For example mike@juniper1> showint.
Try It Yourself: Using the spacebar and tab key
Enter the following commands, using the spacebar to complete them:
show route
show chassis hardware
show configuration
clear rip stastics
restart routing gracefully
Getting Help
The JUNOS CLI includes several options for getting help any timeyoure not sure of what to do, or if you just want to double-check yourmemory. Everyone uses the CLIs comprehensive system of online help,even the experts whove been working with Juniper devices for years.
Context-Sensitive Help
Query the command-line with the question mark (?) character at anylevel of the operational or configuration hierarchies for a list ofavailable commands and a short description of each. Typing a partialcommand and ?provides a list of all the valid ways to complete yourcommand. Using ? in either of these ways is known as context-sensitive
help in JUNOS lingo:
[edit system]
mike@juniper1# set s?Possible completions:
saved-core-context Save context information for core files
saved-core-files Number of saved core files per executable (1..64)
-
7/31/2019 Jsf1 Do Junos Cli
19/66
12 Day One: Exploring the JUNOS CLI
> services System services
> static-host-mapping Static hostname database mapping
> syslog System logging facility
Try It Yourself: Getting help with a question mark
Display possible completions for the following commands in operational mode:
show ?
show chassis ?
show interfaces ?
show system ?
request ?
request support ?restart ?
ping ?
traceroute ?
Display possible completions for the following partially entered commands:
s ?
show i ?
request system s ?
restart s ?
For commands that require a filename as an argument, the question
mark lists the files in the working directory:mike@juniper1> request system license add ?Possible completions:
Filename (URL, local, remote, or floppy)
file1 Size: 19701, Last changed: Feb 23 21:56:52
file2 Size: 1835, Last changed: Apr 09 09:51:57
log1 Size: 1215, Last changed: Feb 16 13:07:49
log2 Size: 1135, Last changed: Apr 09 11:05:16
terminal Use login terminal
Specifying a path lists the files in that directory:
mike@junper1> request system license add /cf/ ?Possible completions:
Execute this command
Filename (URL, local, remote, or floppy)
/cf/boot/ Last changed: Apr 16 11:08:56
/cf/dev/ Last changed: Apr 08 2004
/cf/etc/ Last changed: Apr 30 08:40:09
/cf/kernel Size: 32797835, Last changed: Apr 15
/cf/kernel.old Size: 32715591, Last changed: Nov 09
-
7/31/2019 Jsf1 Do Junos Cli
20/66
Chapter 2: Getting Started
/cf/opt/ Last changed: Nov 09 02:08:43
/cf/packages/ Last changed: Apr 16 11:08:57
/cf/root/ Last changed: Apr 16 11:08:56/cf/sbin/ Last changed: Apr 16 11:08:56
/cf/usr/ Last changed: Nov 09 02:11:23
/cf/var/ Last changed: Nov 09 02:11:23
Onboard Documentation
When you want more information than what is provided by context-sensitive help, turn to the JUNOS Software technical documentationon your device through the helpcommands. Juniper loads documenta-tion on new devices and includes it as a part of new upgrade builds.
The help files are divided into five major categories. You can accessthese files in both operational and configuration modes:
n help apropos: displays help about a text string contained in astatement or command name
n help reference: provides assistance with configuration syntaxby displaying summary information for the statement
n help syslog: displays information on specific syslog events
n help tip: provides random tips for using the CLI
n help topic: displays usage guidelines for configurationstatements
When requesting help, follow each of the above commands with thestring or topic for which youre seeking information.
The help apropos command
The help aproposcommand is useful whenever you remember aportion of a command but not the full statement. The command looksfor all matches in statement or command names as well as help stringsthat are displayed for these:
[edit]
mike@junper1# help apropos host-nameset system host-name
Hostname for this router
set system static-host-mapping
Fully qualified name of system
set system services dhcp static-binding host-name
-
7/31/2019 Jsf1 Do Junos Cli
21/66
14 Day One: Exploring the JUNOS CLI
Hostname for this client
set system syslog host
Host to be notifiedset interfaces services-options syslog host
Name of host to notify
set accounting-options routing-engine-profile fields host-name
Hostname for this router
set services l2tp tunnel-group syslog host
Name of host to notify
set services service-set syslog host
Name of host to notify
If the string contains spaces, enclose them in quotation marks (" ").
The help topic commandUse the help topiccommand to learn about the usage guidelines for aspecific configuration statement:
mike@juniper1> help topic interfaces address ?Configuring the Interface Address
You assign an address to an interface by specifying the address when configuring the
protocol family. For the inet family, you configure the interfaces IP address. For the
iso family, you configure one or more addresses for the loopback interface. For the
ccc, tcc, mpls, tnp, and vpls families, you never configure an address.
The help reference command
After learning about what a certain command does and when to use it,you can view the actual syntax and possible options using the helpreferencecommand. Using the same example from immediatelyabove:
mike@juniper1> help reference interfaces addressaddress
Syntax
address address {
arp ip-address (mac | multicast-mac) mac-address ;
broadcast address;
destination address;
destination-profile name;eui-64;
multipoint-destination address dlci dlci-identifier;
...
Hierarchy Level
[edit interfaces interface-name unit logical-unit-number family family],
-
7/31/2019 Jsf1 Do Junos Cli
22/66
Chapter 2: Getting Started
[edit logical-routers logical-router-name interfaces interface-name unit
logical-unit-number family family]
Description
Configure the interface address.
NOTE The help referencecommand is similar to Unix manpagesas well asto the manual command seen on other operating systems.
Syntax Help
Rather than waiting until you hit return at the end of a configurationstatement, JUNOS Software checks syntax word-by-word. Every timeyou enter a word into a line and press the spacebar, the CLI determinesif each term is a valid command component and whether it is beingused properly. If it finds a mistake, the CLI requests correction.
Additionally, JUNOS Software checks for omitted statements requiredat a particular hierarchy level whenever you attempt to move from thathierarchy level or when you issue the showcommand in configurationmode:
[edit]
mike@juniper1# show
protocols {pim {
interface so-0/0/0 {
priority 4;
version 2;
# Warning: missing mandatory
statement(s): 'mode'
}
}
}
Filtering Output with the Pipe Command and More
You can change how the CLI displays output with the pipe | characterand the moreprompt.
-
7/31/2019 Jsf1 Do Junos Cli
23/66
16 Day One: Exploring the JUNOS CLI
The Pipe character
The pipe | character lets you filter output in both operational and configu-ration modes. Pipe makes it possible to display specific information in asingle command step, sending the output of one command as input toanother, or redirecting the output to a file. The output of the command tothe left of the pipe symbol serves as input to the command or file to theright of the pipe.
You can query the CLI to find valid ways to pipe a command, as in thisoperational mode listing:
mike@juniper1> show route | ?
Possible completions:
count Count occurrences
display Show additional kinds of information
except Show only text that does not match a pattern
find Search for first occurrence of pattern
hold Hold text without exiting the --More-- prompt
last Display end of output only
match Show only text that matches a pattern
no-more Dont paginate output
request Make system-level requests
resolve Resolve IP addresses
save Save output text to file
trim Trim specified number of columns from start of line
Using pipes
The following examples from a configured device further demonstrateways that pipe can help you to fine-tune commands.
Filter command output to a file
Create a file that stores the output of the request support informationcommand of the operational mode by piping its output to a :
mike@juniper1> request support information | save Wrote 1143 lines of output to filename
Display additional and hold information
You can request that a listing includes additional information or that theCLI holds information:
n | count: gives the number of lines in the output:
See the section Using the File
Commands in Chapter 3 to learn
about accessing the created file.
-
7/31/2019 Jsf1 Do Junos Cli
24/66
Chapter 2: Getting Started
mike@juniper1> show interfaces terse | countCount: 22 lines
n | display detail: provides additional information aboutthe contents of the configuration (available only inconfiguration mode)
n | display xml: shows the output in XML format
mike@juniper1> show cli directory | display xml
/var/home/username
show configuration | match at-at-2/1/0 {
at-2/1/1 {
at-2/2/0 {
at-5/2/0 {
at-5/3/0 {
NOTE Matchis equivalent to the UNIX grep command.
n | except: displays output that ignores a specific string:
mike@juniper1> show system users | except root8:28PM up 1 day, 13:59, 2 users, load averages:
0.01, 0.01, 0.00
USER TTY FROM LOGIN@ IDLE WHAT
sheep p0 baa.juniper.net 7:25PM - cli
n | find: displays the output starting at the first occurrence ofthe matching text:
Displaying output as XML
Its useful to display output in
XML when exchanging
configuration and state
information with other systems.
The XML output is formatted in
the standard Remote Procedure
Call (RPC) format.
http://xml.juniper.net/http://xml.juniper.net/ -
7/31/2019 Jsf1 Do Junos Cli
25/66
18 Day One: Exploring the JUNOS CLI
mike@juniper1>show ethernet-switching interfaces detail | find Index: 80Interface: ge-0/0/16.0 Index: 80
State: downVLANs:
default untagged blocked - blocked by STP
Interface: ge-0/0/17.0 Index: 81
State: down
VLANs:
default untagged blocked - blocked by STP
n | last: provides only the last screen of the listing
NOTE When using findor match, you must enclose spaces, operators, or
wildcard characters that are a part of the search term in quotationmarks.
Multiple pipes
JUNOS Software sees multiple pipes as a logical AND, only displayingthe output that matches all entered pipes. You can enter different pipecommands, as well as the same pipe command, multiple times. Forexample, to count how many fast Ethernet interfaces are configuredwithin the active configuration:
mike@juniper1> show interfaces terse | match fe- | count
Count: 12 lines
As another example, use the same pipe command on a single line toshow all routes that include the 10.0 string with a /32 subnet mask:
mike@juniper1> show route | match /32 | match 10.010.0.15.2/32 *[Local/0] 03:18:28
10.0.16.1/32 *[Local/0] 03:20:49
10.0.0.4/32 *[Local/0] 08:54:55
192.168.10.0/32 *[Local/0] 08:57:26
The More Prompt
The command-line interface automatically paginates output. The CLIsettings determine the length for your user account, with the typicalsetting at 24 lines. When the device stops at a page break, the com-mand-line interface displays the (more) prompt and shows the amount
-
7/31/2019 Jsf1 Do Junos Cli
26/66
Chapter 2: Getting Started
of displayed output as a percentage of all the content available fordisplay. You can enter the h key at any (more) prompt to see a list ofdisplay options, such as moving forward and backward in the output,searching, and saving:
mike@juniper1> show ethernet-switching interfaces detailInterface: ge-0/0/0.0 Index: 64
State: down
VLANs:
default untagged blocked - blocked by STP
*// Data Deleted From Example //*
Interface: ge-0/0/12.0 Index: 76
State: down
VLANs:default untagged blocked - blocked by STP
------ h
---(Help for CLI automore)---
Clear all match and except strings: c or C
Display all line matching a regexp m or M
Display all lines except those matching a regexp: e or E
Display this help text: h
Dont hold in automore at bottom of output: N
Hold in automore at bottom of output: H
Move down half display: TAB, d, or D
Move down one line: Enter, j, N, X, Z, or Down-Arrow
Move down one page: Space, f, F, or Right-ArrowMove to bottom of output: G, E, or End
Move to top of output: g, A, or Home
Move up half display: u or U
Move up one line: k, Delete, Backspace, P, or Up-Arrow
Move up one page: b, B, or Left-Arrow
Quit automore: q, Q, K
Redraw display: L or R
Repeat a keystroke command 1 to 9 times: Meta-1..9
Repeat last search: n
Save output to a file: s or S
Search backwards thru the output: ?
Search forwards thru the output: /
---(End of Help)---
TIP The set cli screen-lengthcommand modifies the number of dis-played lines. Alternatively you can display the entire output by addingthe pipe | no-moreas part of your command.
-
7/31/2019 Jsf1 Do Junos Cli
27/66
20 Day One: Exploring the JUNOS CLI
Working with Shells
Shell normally refers to any command-line interface used on a Unix orUnix-like operating system. These interfaces interpret high-levelcommands into low-level instructions that the device can use. Whenyou log in to a JUNOS device, you are placed into one of two shells:the C shell or the CLI in operational mode.
The following shells are available:
Shell Command Prompt
C shell %
Bourne shell $
CLI mike@juniper1> (operational mode)
mike@juniper1# (configuration mode)
You can navigate from one shell to another by issuing the propercommand. This command spawns a new instance of that shell andplaces you into that instance. For example, while in the CLI operation-al mode, you can spawn a new C shell interface by issuing the startshellcommand.
ALERT! When you log out of the device be sure to exit each of the shells youentered during your session.
Logging In to the CLI
To log in to the CLI interface, issue the clicommand at any shellprompt:
% cli
The CLI always opens in operational mode.
Logging In to the C Shell
To log in to the C shell interface from the CLI in operational mode,issue the start shellcommand:
-
7/31/2019 Jsf1 Do Junos Cli
28/66
Chapter 2: Getting Started
mike@juniper1> start shell
To log in to the C shell interface from the CLI in configuration mode,issue the run start shell command:
mike@juniper1# run start shell
SHORT CUT The runcommand allows you to issue CLI operational mode com-mands while in configuration mode. Just add the keyword runbeforeany operational mode command that you want to execute while youare inside the configuration mode.
To log in to the C shell interface from the Bourne shell interface, issuethe cshcommand.
$ csh
Logging In to the Bourne Shell
To log in to the Bourne shell interface from the CLI in operationalmode, issue the start shell command:
mike@juniper1> start shell
To log in to the C shell interface from the CLI in configuration mode,issue the run start shell shcommand:
mike@juniper1# run start shell sh
To log in to the C shell interface from the C shell interface, issue the shcommand.
% sh
Logging Out
When logging out, you must log out of each shell you have openedbefore you can log out completely from the device. Thus if you log into the device and are placed in the CLI operational mode and then youenter the CLI configuration mode, you need to exit out of both shells.
When its time to take a break, you must log out of each shell you haveopened before you log out comletely from the device. When you arecompletely logged out of the device, you will receive the message:Connection closed by foreign host.
mike@junper1> exitlogout
-
7/31/2019 Jsf1 Do Junos Cli
29/66
22 Day One: Exploring the JUNOS CLI
Connection closed by foreign host.
$
If youre in configuration mode and want to log out, exit your configu-ration session to enter operational mode:
[edit protocols ospf]
mike@juniper1# exit configuration-modeExiting configuration mode
mike@juniper1> exitlogout
Connection closed by foreign host.
$
BEST PRACTICEProtect the security of your device by logging out if you have noreason to be logged in or when you are away from your terminal, evenfor a few minutes. This prevents someone else from sitting down atyour workstation and inadvertently (or deliberately) accessing thedevice.
-
7/31/2019 Jsf1 Do Junos Cli
30/66
Chapter 3
Understanding Operational Mode
Looking at Operational Mode . . . . . . . . . . . . . . . . . . . . . 24
Showing Device Status . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Managing Basic Operations . . . . . . . . . . . . . . . . . . . . . . .27
Using the File Commands . . . . . . . . . . . . . . . . . . . . . . . . 28
Managing the Operating System Software . . . . . . . . . . . .29
-
7/31/2019 Jsf1 Do Junos Cli
31/66
24 Day One: Exploring the JUNOS CLI
Operational mode provides commands for monitoring, managing, and
maintaining your device. You can find out the status of your device,administer diagnostics, and perform other operational tasks, as well asmanage the software running the device.
Key operational mode capabilities include:
n Monitoring and troubleshooting the device
n Connecting to other network systems
n Restarting software processes
n Entering configuration mode
n Displaying the configuration
n Controlling the CLI environment
n Performing system-level operations such as stopping andrebooting the device and loading JUNOS Software images
JUNOS Software provides an extensive set of on-board instrumenta-tion capabilities for gathering critical operational status, statistics, andother information. These tools deliver advance notification of issuesand speed problem-solving during events.
As part of your configuration setup you can specify the types of eventsto track, the event severity, and the files in which to store the data,among other options. Juniper devices come with sufficient processingpower to collect and store critical operational data, including SNMPmanagement, system logging, and traceoptions that help you tounderstand how the box operates in normal conditions and where,when, and why changes occur.
MORE? Find out more about configuring basic monitoring functions for yourdevice in the upcoming booklets of theJUNOS Software Fundamen-tals Series. Download new titles as they become available at www.
juniper.net/dayone.
Looking at Operational Mode
Explore operational mode from the top level of its hierarchy. Heres atruncated listing of its most commonly used commands:
-
7/31/2019 Jsf1 Do Junos Cli
32/66
Chapter 3: Understanding Operational Mode
mike@juniper1> ?Possible completions:
clear Clear information in the systemconfigure Manipulate software configuration information
file Perform file operations
help Provide help information
monitor Show real-time debugging information
ping Ping remote target
quit Exit the management session
request Make system-level requests
restart Restart software process
set Set CLI properties, date/time, craft interface message
show Show system information
ssh Start secure shell on another host
start Start shell
telnet Telnet to another host
test Perform diagnostic debugging
traceroute Trace route to remote host
Showing Device Status
Operational mode provides a large group of show commands todisplay status and statistics for just about everything on the device:
mike@juniper1> show?Possible completions:
accounting Show accounting profiles and records
aps Show Automatic Protection Switching informationarp Show system Address Resolution Protocol table entries
as-path Show table of known autonomous system paths
bfd Show Bidirectional Forwarding Detection information
bgp Show Border Gateway Protocol information
chassis Show chassis information
class-of-service Show class-of-service (CoS) information
cli Show command-line interface settings
configuration Show current configuration
connections Show circuit cross-connect connections
dialer Show dialer information
dlsw Show DLSw information
dvmrp Show Distance Vector Multicast Routing Protocolinformation
dynamic-tunnels Show dynamic tunnel information information
esis Show end system-to-intermediate system informationfirewall Show firewall information
helper Show port-forwarding helper information
host Show hostname information from domain name server
igmp Show Internet Group Management Protocol information
ike Show Internet Key Exchange information
interfaces Show interface information
ipsec Show IP Security information
-
7/31/2019 Jsf1 Do Junos Cli
33/66
26 Day One: Exploring the JUNOS CLI
ipv6 Show IP version 6 information
isdn Show Integrated Services Digital Network information
isis Show Intermediate System-to-Intermediate System info...l2circuit Show Layer 2 circuit information
l2vpn Show Layer 2 VPN information
ldp Show Label Distribution Protocol information
llc2 Show LLC2 protocol related information
log Show contents of log file
mld Show multicast listener discovery information
mpls Show Multiprotocol Label Switching information
msdp Show Multicast Source Discovery Protocol information
multicast Show multicast information
ntp Show Network Time Protocol information
ospf Show Open Shortest Path First information
ospf3 Show Open Shortest Path First version 3 information
pfe Show Packet Forwarding Engine information
pgm Show Pragmatic Generalized Multicast information
pim Show Protocol Independent Multicast information
policer Show interface policer counters and information
policy Show policy information
pppoe Show PPP over Ethernet information
rip Show Routing Information Protocol information
ripng Show Routing Information Protocol for IPv6 information
route Show routing table information
rsvp Show Resource Reservation Protocol information
sap Show Session Announcement Protocol information security
services Show services information
snmp Show Simple Network Management Protocol information
system Show system information
task Show routing protocol per-task informationted Show Traffic Engineering Database information
version Show software process revision levels
vrrp Show Virtual Router Redundancy Protocol information
TIP For the reader with experience using Cisco IOS, a basic difference ofJUNOS is that it does not use the keyword IP. So, many of the showcommands you already know work if you drop this part of the com-mand. For example, the IOS command show ip routesimply becomesshow route in JUNOS.
The showcommand includes other arguments to modify the output.
For example, below are the available arguments for the showinterfacescommand for the fe-1/1/1 Fast Ethernet interface:
mike@juniper1> show interfaces fe-1/1/1 ?Possible completions:
Execute this command
brief Display brief output
-
7/31/2019 Jsf1 Do Junos Cli
34/66
Chapter 3: Understanding Operational Mode
descriptions Display interface description strings
detail Display detailed output
extensive Display extensive outputmedia Display media information
snmp-index SNMP index of interface
statistics Display statistics and detailed output
terse Display terse output
You can add these options to adjust the output listings to what youneed. Compare the showoutput when adding briefand terseto thecommand above.
mike@juniper1> show interfaces fe-1/1/1 briefPhysical interface: fe-1/1/1 Enabled, Physic link is Down
Link-level type:Ethernet, MTU: 1514, Spped: 100mbps, Loopback:
Disabled, Source filtering: DisabledFlow control : Enabled
Device flags : Present Running Down
Interface flags: Hardware-Down SNMP-Traps Internal: Ox4000
Link flags : None
mike@juniper1> show interfaces fe-1/1/1 terseInterface Admin Link Proto Local Remote
fe-1/1/1 up up
at-1/3/0.0 up up inet 1.0.0.1 --> 1.0.0.2
iso
TIP The clearcommands let you reset the devices statistics to zero.
Managing Basic Operations
JUNOS Software supports standard network utilities and remoteaccess for management. You may recognize a few of these fundamentalcommands from UNIX and other operating systems:
n ping:this standard IP command tests whether other devices,interface cards, or nodes are reachable on the network.
n traceroute:this network utility reports the path taken bypackets from your device to a destination on an IP network.
n ssh:this standard UNIX secure shell program opens a usershell on another device or host on the network.
n telnet:this management protocol opens a terminalconnection to another device or host on the network.
-
7/31/2019 Jsf1 Do Junos Cli
35/66
28 Day One: Exploring the JUNOS CLI
Using the File Commands
The filecommands let you view and copy files from one location ofyour device to another, from your device to a remote system, such as aserver, or from a remote system to the device. Saving and loadingconfiguration files on the device are helpful for:
n Archiving and backing up configurations
n Sharing configuration files across devices
n Saving and loading parts of configuration files that might becommon across many devices within a network (route filters,for instance). To view a file use the file show command:
mike@juniper1> file show
The file copy command
You can manually archive files with the file copycommand whichuses the same syntax as the standard Unix cpcommand:file copy /target-directory/target-filename /destination-
directory/destination-filename
For example, to copy the current active configuration file (/config/juniper.conf.gz) asbackup.gzto the devices /var/home/user direc-
tory:mike@juniper1> file copy /config/juniper.conf.gz /var/home/user/backup.gz
BEST PRACTICE Create a rescue configuration of a known working configuration.In the event that the active configuration is corrupted, thedevice will automatically load the file named rescue.gzin the/config directory as the active configuration.
BEST PRACTICE After copying the configuration file to a new location, always rename itso that you dont accidentally overwrite it later when copying an
updated version of the file.
The same command lets you move the configuration file from theserver back to the devices home directory:
mike@juniper1> file copy /config/juniper.conf.gz /var/home/user/juniper.conf.gz-20090123
-
7/31/2019 Jsf1 Do Junos Cli
36/66
Chapter 3: Understanding Operational Mode
The file list command
Use thefile list command to check that the file arrived in your homedirectory:
mike@juniper1> file list
/var/home/user/:
.ssh/
juniper.conf.gz-20090123
NOTE Chapter 4 includes the steps for loading the file as the active (running)configuration for the device.
Managing the Operating System Software
Operational mode provides commands for managing the operatingsystem software, including upgrading and rebooting the device, as wellas for restarting and resetting individual processes. JUNOS Software isa modular operating system whereby independent processes run intheir own protected memory space. As such these processes, calleddaemons, can be independently managed.
The restart command
You can restart most JUNOS Software processes from the operationalmode (with a few daemons requiring that you leave to a shell). Userestartwhen you need to stop and then restart individual operatingsystem daemons.
ALERT! Although each process is fully independent, take special care whenusing the restartcommand. A restart of the SNMP process is onlydisruptive to SNMP, but a restart of routing could have drastic conse-quences in your network!
TIP To restart a specific routing protocol, such as OSPF, you can deactivateand then reactivate it in configuration mode. When a problem existswith only one protocol, this is a better approach than restarting theentire routing daemon of JUNOS, which would affect all the routingprotocols.
-
7/31/2019 Jsf1 Do Junos Cli
37/66
30 Day One: Exploring the JUNOS CLI
The request command
Therequestcommands perform system-wide functions such asrebooting, upgrading, and shutting down the device. This commandgroup also provides the ability to online, offline, and restart individualcomponents without having to reboot the entire device:
mike@juniper1> request chassis fpc slot 0 restartRestart initiated, use "show chassis fpc" to verify
user@host> show chassis fpc
Temp CPU Utilization (%) Memory Utilization (%)
Slot State (C) Total Interrupt DRAM (MB) Heap Buffer
0 Starting 32 0 0 0 0 0
1 Online 30 0 0 8 11 14
2 Empty
3 Empty
MORE? The online technical documentationJUNOS SoftwareInstallation andUpgrade provides details about upgrading the software version of yourdevice. You can download the current package from the softwaredownload page at www.juniper.net/support. Downloading newsoftware requires a current service contract and login account.
MORE? To learn more about operational mode commands see the onlineJUNOS Software CLI User Guide andJUNOS System Basics andServices Command Reference at www.juniper.net/techpubs/.
-
7/31/2019 Jsf1 Do Junos Cli
38/66
Chapter 4
Discovering Configuration Mode
Introducing the Configuration Process . . . . . . . . . . . . . . . .32
Entering the Configuration Mode . . . . . . . . . . . . . . . . . . .33
Understanding Configuration Mode Basics . . . . . . . . . . . .35
Editing the Configuration . . . . . . . . . . . . . . . . . . . . . . . . .40
Committing the Candidate Configuration . . . . . . . . . . . . .42
Automating Everyday Tasks . . . . . . . . . . . . . . . . . . . . . . . .47
Rolling Back the Configuration . . . . . . . . . . . . . . . . . . . . .48
Preparing System Changes in Advance . . . . . . . . . . . . . . .49
Using Configuration Shortcuts . . . . . . . . . . . . . . . . . . . . .52
-
7/31/2019 Jsf1 Do Junos Cli
39/66
32 Day One: Exploring the JUNOS CLI
Configuration mode, as the name implies, is where you define the
configuration of your device. This includes configuring the manage-ment console with its network settings, setting up user accounts foraccess to the device, specifying the security measures used to protectthe device and the network, and setting up routing and switchingprotocols. Each statement configures different functions of the device,specifying its particular properties in your network.
Introducing the Configuration Process
The JUNOS CLI is thoughtfully designed to consider configuration asa process. Thus, safeguards have been introduced that allow you to set
up and check a new configuration before it goes live. For example,JUNOS captures all changes in a candidate configuration that whencompleted can be committed, and only then can become the activeconfiguration file.
This approach substantially contrasts with other systems that use line-by-line entry and instant activation of configuration changes. Haveyou ever had to make line-by-line changes in other systems, knowingthat you were creating intermediate risks, such as removing a firewallon an interface? Perhaps you have entered a single-line change thatcreated unwanted or unexpected results that you could not easilyrevert.
The JUNOS CLI protects you from these configuration headaches.With the help of early customers, the Juniper engineers purposefullydesigned a multi-stage configuration process. This process providesvarious methods of averting difficulties caused by unexpected mistakesand other common challenges in device configuration.
Figure 4.1 outlines the three basic steps to configure a device run byJUNOS Software. Here are the steps identified in the figure.
1. Make changes to the candidate configuration
The candidate configuration is a copy of the active configuration.You can enter configuration changes to the candidate through theCLI via cut and paste, load or merge a text file with the updatedconfiguration changes, or enter the changes by hand through theCLI interface. After making all your candidate changes, you canreview your work, including comparing the candidate to the active(running) file.
Where is the candidate?
While it is easy to think of
configurations as files, actually,
there is no file associated withthe candidate configuration.
The configuration is held in
system memory.
-
7/31/2019 Jsf1 Do Junos Cli
40/66
Chapter 4: Discovering Configuration Mode
2. Commit your changes.
To move the candidate to become the active configuration, enterthe commitor commit confirmedcommands. Before finalizing thechangeover, the software checks for certain statements within thecandidate and performs other context validations. If the deviceincludes pre-loaded commit scripts, these scripts will also checkand possibly correct errors within the candidate configuration.
3. Candidate becomes active.
The candidate becomes active after passing through all the valida-tion checks. The candidate configuration becomes the activeconfiguration, saved as /config/juniper.conf.gz. The devicerenames the previous juniper.conf.gzfile to juniper.conf.1.gz.
Figure 4.1 JUNOS CLI Configuration Process Overview
NOTE The JUNOS device saves up to 49 previous active configurations. Youcan roll back to any one of these backup configurations by issuing therollback [0 - 49]command, discussed later in this chapter.
Entering the Configuration Mode
In devices where different user accounts can make configurationchanges, the flexibility to manage who is making changes and when isessential. JUNOS Software thus offers three options for enteringconfiguration mode:
n Standard: allows any number of users to edit the candidateconfiguration simultaneously and changes made by a singleuser are visibly shared so that they can be seen by all users.
n Exclusive: locks all other users out of configuration modeuntil the exclusive user closes the exclusive state.
Validated
Configuration
Active
ConfigurationCandidate
Configuration
Commit
ScriptsCLI
Checks
Commit
Commit
Confirmed
Rollback
1 2 3
-
7/31/2019 Jsf1 Do Junos Cli
41/66
34 Day One: Exploring the JUNOS CLI
n Private: provides a private configuration whereby the device
keeps a separate candidate copy holding only the changes bythe private user.
The configure command
To enter the standard configuration mode, issue the configurecom-mand:
mike@juniper1> configureEntering configuration mode
ALERT! When you exit from the standard configuration mode all the uncom-mitted changes you have made during your session remain in the
candidate, unless you explicitly delete them or issue a rollback 0command to reload the active configuration as the candidate. Theusers do get warning messages when logging in and out:
mike@juniper1> configureEntering configuration mode
The configuration has been changed but not committed
mike@juniper1# exitThe configuration has been changed but not committed
Exit with uncommitted changes? [yes,no]
The configure exclusive command
To lock the candidate configuration from other users, add the exclu-siveswitch to the configurecommand. In configure exclusive mode,the device discards all non-committed changes to the configurationonce you exit the session.
mike@juniper1> configure exclusivewarning: uncommitted changes will be discarded on exit
Entering configuration mode
The configure private command
You can create your own private candidate configuration by adding theprivateswitch to the configurecommand:
mike@juniper1> configure privatewarning:uncommitted changes will be discarded on exit
Entering configuration mode
-
7/31/2019 Jsf1 Do Junos Cli
42/66
Chapter 4: Discovering Configuration Mode
When a private user commits changes, JUNOS Software integratesonly the candidate changes made by the private user into the active(running) configuration. The software does not implement any piecesof the candidate configuration changed by others. This means thatseveral users can use configure private to make non-conflictingchanges to the active configuration at the same time. If a private userissues a rollback 0command, the device discards only their changes intheir candidate configuration.
NOTE If a user creates a private configuration session, other users can log inas standard or in their own private session. When a person is alreadylogged in, other users are warned that another person is currentlymodifying the configuration.
BEST PRACTICE Use configure exclusiveor configure privatewhenever multipleuser accounts can make changes to the configuration. This bestpractice protects everyone from inadvertent errors. For instance, the
Juniper engineers heard about one event where an administratoraccidentally typed the command delete interfaces. The administra-tor recognized the mistake but instead of removing the statement, hesimply exited configuration mode. Later, when another user logged inand committed the configuration, all the devices interfaces weredeleted! Fortunately, JUNOS Software made it possible to roll back toa previous configuration.
Understanding Configuration Mode Basics
Configuration mode offers several options to view and navigate thecandidate configuration.
Viewing the Candidate Configuration
The showcommand displays the candidate configuration of the device.
When entered from the top of the configuration hierarchy, the com-mand-line interface displays the entire candidate configuration. Thefollowing example provides an abbreviated listing for a configureddevice:
[edit]
mike@juniper1# showversion 9.2R1.3;
-
7/31/2019 Jsf1 Do Junos Cli
43/66
36 Day One: Exploring the JUNOS CLI
groups
{
re0 {system {
host-name juniper1;
}
}
}
If you havent made any configuration changes, then the candidateconfiguration is the same as the active (running) configuration of thedevice.
Deeper in the hierarchy, the showcommand displays the configuration
from the current configuration hierarchy level and below:[edit interfaces ge-5/0/0]
mike@juniper1# showgigether-options {
flow-control;
auto-negotiation;
}
unit 0 {
family inet {
address 1.2.3.4/28;
}
}
NOTE You may have noticed that the configuration mode uses the showcommand in a different way than operational mode. The commands ofeach mode are independent of each other, and so the showcommandrepresents different actions in each mode.
Navigating the Configuration
While you can edit the configuration from the root of the hierarchy,often it is easier to navigate to the area within the configuration youare changing prior to adding and removing commands. For example, if
you were planning to add new services to the configuration, you couldissue the following series ofsetcommands:
[edit]
mike@juniper1# set system services fingermike@juniper1# set system services ftpmike@juniper1# set system services sshmike@juniper1# set system services telnet
-
7/31/2019 Jsf1 Do Junos Cli
44/66
Chapter 4: Discovering Configuration Mode
However, it is easier to navigate to the system services directory andthen issue the following commands:
[edit system services]
mike@juniper1# set fingermike@juniper1# set ftpmike@juniper1# set sshmike@juniper1# set telnet
In either case, when completed, the following lines are added to thecandidate configuration:
[edit]
system {
services {
finger;
ftp;
ssh;
telnet;
}
}
The CLI provides four commands for navigation in configurationmode: edit, up, top, and exit.
The edit command
Use the editcommand to jump to a specific location within the
candidate configuration. The configuration mode banner changes toindicate your new location in the hierarchy:
[edit]
mike@juniper1# edit system services
[edit system services]
mike@juniper1#
You do not have to issue theeditcommand from the top level direc-tory. For example, to navigate to the systemsyslog host loghierar-chy, you could issue the following command from the top level of thehierarchy:
[edit]
mike@juniper1# edit system syslog host log
[edit system syslog host log]
mike@juniper1#
-
7/31/2019 Jsf1 Do Junos Cli
45/66
38 Day One: Exploring the JUNOS CLI
You could also navigate to the same hierarchy by issuing the following
succession ofeditcommands:[edit]
mike@juniper1# edit system
[edit system]
mike@juniper1# edit syslog
[edit system syslog]
mike@juniper1# edit host log
[edit system syslog host log]
mike@juniper1#
When issuing the editcommand from the hierarchy, issue the relativepath based on your location in the hierarchy.
NOTE The editcommand functions like the UNIX change directory (CD)command, moving you to an exact location in the hierarchy tree.
If you navigate to a hierarchy location that doesnt exist in yourconfiguration yet, the CLI will create the hierarchy level. However,explicitly adding hierarchy levels using thesetcommand (discussedbelow) helps you to know exactly what you have created.
The up command
The up command allows you to move up levels in the hierarchy. Bydefault, you move one level. You can add a number after the commandto specify how many levels to move up.
[edit interfaces fe-1/3/1 unit 0 family inet address 10.0.10.1]
mike@juniper1# up
[edit interfaces fe-1/3/1 unit 0 family inet]
mike@juniper1#
In the above example, interfaces, fe-1/3/1, unit 0, family inet, andaddress 10.0.10.1each represent one level within the hierarchy asshown below from the top of the configuration hierarchy:
[edit]
interfaces {
fe-1/3/1 {
unit 0 {
family inet {
address 10.0.10.1;
}
}
}
}
Up Command
The up command is analogous
to entering cd .. in a Unix
directory.
-
7/31/2019 Jsf1 Do Junos Cli
46/66
Chapter 4: Discovering Configuration Mode
The top command
The topcommand allows you to move to the first hierarchy level.
The exit command
The exitcommand returns you to the hierarchy location prior to thelast editcommand. If you exit this command from the top level of theconfiguration hierarchy, you exit configuration mode.
SHORT CUT You can combine navigation commands together to move through thehierarchy. For example, you can use top and edit together to quicklymove to a different part of the configuration hierarchy:
[edit protocols ospf area]mike@juniper1# top edit system login
[edit system login]
mike@juniper1#
Use topwith showto display a portion of the configuration fromanother section of the hierarchy:
[edit protocols ospf area]
mike@juniper1# top show system servicesweb-management {
http {
port 8080;
}
}
Try it Yourself: Navigating the Hierarchy
Go to the following configuration hierarchy levels using the edit, up, top, and exitcommands:
[edit interfaces]
[edit interfaces fe-0/0/0]
[edit]
[edit protocols bgp]
[edit protocols ldp interface fe-0/0/0.0]
[edit system]
[edit system services telnet]
[edit system syslog archive]
[edit system syslog]
[edit snmp v3]
[edit snmp v3 usm local-engine]
[edit snmp v3 target-parameters sample-parameters parameters]
Top Command
The top command is analogous
to entering cd / in a Unix
directory.
-
7/31/2019 Jsf1 Do Junos Cli
47/66
40 Day One: Exploring the JUNOS CLI
Editing the Configuration
Create or change the candidate by entering a series of commands,including commands to add and remove configuration statements.
The set command
The setcommand inserts a statement and values into the candidateconfiguration. For example, if you want to add the ftp service to yourdevice, from the top of the hierarchy you issue the following setcommand:
[edit]
mike@juniper1# set system services ftp
The following lines will be added to the configuration file:
system {
services {
ftp;
}
}
You also use the setcommand to add statement values when required.For example, to set the device name to juniper1, you enter the follow-ing setcommand:
[edit]mike@devicename # set system host-name juniper1
The following lines will be added to the configuration file:
system {
host-name juniper1;
}
The delete command
The deletecommand removes statements from your candidate con-figuration. Deleting a statement effectively returns the affected device,
protocol, or service to an unconfigured state. Deleting a containerstatement removes everything under that level of the hierarchy.
ALERT! The deletecommand removes all subordinate statements and identi-fiers. For example, the following simple line would remove all theprotocol configuration data in your candidate:
[edit]
mike@juniper1# delete protocols
Set Commands
To learn about using set
commands to fully configure
your device, download
additional titles of the JUNOSSoftware Fundamentals Series
Day One booklets as they
become available at www.
juniper.net/dayone/.
-
7/31/2019 Jsf1 Do Junos Cli
48/66
Chapter 4: Discovering Configuration Mode
BEST PRACTICE Know where you are in the hierarchy and everything that yourcommand will remove when you issue a delete statement! By alwayschecking the [edit]banner to determine your current hierarchy loca-tion, you can be sure your command affects only the portion of theconfiguration that you want to change.
If a configuration statement is empty after deleting the configurationelement(s), the CLI removes that configuration statement from thecandidate configuration.
Try it Yourself: Setting and Deleting Configuration Commands
Follow these steps to set up and then delete a serial interface with the IP address 10.201.1.0/24.
1. Enter the following setcommand at the top level of the configuration hierarchy:
[edit]
mike@juniper1# set interfaces se-1/0/0 unit 0 family inet address 10.210.1.0/24
2. Use the showcommand to see that the se interface was added to the configuration (In thefollowing example, only the added statements are shown, your configuration file should havemore data than shown):
[edit]
mike@juniper1# show
interfaces {
se-1/0/0 {
unit 0 {
family inet {
address 10.210.1.0/24;}
}
}
}
}
3. Delete the interface using the following deletecommand:
[edit]
mike@juniper1# delete interfaces se-1/0/0
4. Use the showcommand to see that the se interface is now removed from your configurationfile.
-
7/31/2019 Jsf1 Do Junos Cli
49/66
42 Day One: Exploring the JUNOS CLI
MORE? When you need to remove large common pieces of the configuration
from the device, wildcards can save you time. The device can searchthrough the entire candidate configuration looking for a string anddelete every line that contains that string. To learn more about wild-cards go to the onlineJUNOS Software CLI User Guide at www.juniper.net/techpubs/ and refer to the section on Advanced Features.
The annotate command
The JUNOS CLI lets you leave comments about the configuration as apart of its listing. The comments can be quite handy when you or otherteam members are trying to troubleshoot a problem or need to make
configuration changes. Use annotatefollowed by your note when youwant to include comments:
[edit]
mike@juniper1# annotate system this device is for training newJUNOS users
When you add comments in configuration mode, they are associatedwith a statement at the current level. Each statement can have onesingle-line comment associated with it. To delete a comment, use theannotatecommand with an empty string:
[edit]
mike@juniper1# annotate system ""
Committing the Candidate Configuration
The JUNOS CLI provides multiple features that help users to catch andcorrect typos, omissions, and other errors before they become a prob-lem. In addition to candidate configurations, these features includeproviding file comparisons, checking candidate syntax and context,enabling fast roll back, and restoring working configurations onsystems that become isolated after activation of a new configuration.
Figure 4.2 provides a detailed view of the file management of the
device configuration. The active (running) configuration is the opera-tional file of the device. It is also the configuration that the deviceloads during a boot sequence. The candidate configuration is theworking copy storing configuration updates. The commitcommandscause the following transitions by the device (for candidates whichpass the validation checks):
-
7/31/2019 Jsf1 Do Junos Cli
50/66
Chapter 4: Discovering Configuration Mode
1. Copies the candidate configuration to the active configuration.At this point, the active and the candidate configurations areidentical.
2. Decrements all rollback configuration files by one and saves the ac-tive configuration as rollback 0.
Figure 4.2 JUNOS Configuration File Management
The active (running) configuration file and the last three rollbackconfiguration files are saved in the /configdirectory. The device savesthe remainder of the archived configuration files in the /var/db/configdirectory.
NOTE The active configuration file is named juniper.conf.gz, and therollback configuration files are named from juniper.conf.1.gz tojuniper.conf.49.gz(providing an archive of 50 active configurations).
v 49
v4
v3
v2
historic
config
(rollback 1)
text
file
Versions 4 to 49
held in/var/db/config
on hard disk
rollback
Versions 0 to 3
held in /config
on hard disk
Send SNMP
trap/syslog event on
commit, or run Commit
or Event Script
commit
save
load
scp or ftp
CLI or client
application
Network Management
System
system archive
on commit or every
minutes
active
(running)
config
(rollback 0)
candidate
config
-
7/31/2019 Jsf1 Do Junos Cli
51/66
44 Day One: Exploring the JUNOS CLI
The compare command
Configuration mode conveniently provides a way to display theconfigured differences between two configurations with the show |comparecommand.
The following example modifies a candidate configuration by enablingTelnet access and removing SSH and J-Web access:
[edit system]
mike@juniper1# set services telnet
[edit system]
mike@juniper1# delete services web-management
[edit system]mike@juniper1# delete services ssh
Now display the resulting changes in the candidate compared to theactive configuration:
[edit system services]
mike@juniper1# show | compare- ssh;
+ telnet;
- web-management {
- http {
- port 8080;
- }
- }
The command interface indicates new lines in the candidate with a plus(+) sign and those removed with a minus (-) sign.
SHORT CUT The operational mode command show configuration displays thecurrent active (running) configuration. You can perform this commandin configuration mode by adding the keyword run:
[edit]
mike@juniper1# run show configuration
The commit check command
The CLI also provides a command to check that the system can processyour candidate configuration. The commit check command validatesthe logic and completeness of the candidate without activating any
-
7/31/2019 Jsf1 Do Junos Cli
52/66
Chapter 4: Discovering Configuration Mode
changes. These are the same validations that run when you commitacandidate. If the system finds a problem in the candidate configuration,it lets you know:
[edit]
mike@juniper1# commit check[edit interfaces lo0 unit 0 family inet]
'address 192.168.69.1/24'
Loopback addresses' prefix must be 32 bits
error: configuration check-out failed
BEST PRACTICE Before activating a candidate as the running configuration, alwayscheck your work. Use the show | compare command to ensure all ofthe expected configuration elements and parameters are a part of thecandidate. Enter the commit check command to have the system
validate your candidate configuration without activating the changes.
The commit command
The candidate file is only the proposed configuration, and your devicedoes not use any of this configuration until you issue a commitcom-mand. After you have entered all desired changes, and you have doublechecked your work, you are ready to activate your candidate as theactive (running) configuration.
To activate the candidate configuration, enter the commitcommand:
[edit]
mike@juniper1# commitcommit complete
Before actually activating the candidate configuration, JUNOS Soft-ware checks basic syntax and semantics. For example, the softwaremakes sure that a policy has been defined before it is referenced. If anysyntax or semantic problems are found, the commitcommand returnsan error:
[edit]
mike@juniper1# commit
error: Policy error: Policy my-policy referenced but not definederror: BGP: export list not applied
error: configuration check-out failed
You must fix all mistakes before the candidate (or any part of thecandidate) can become active.
-
7/31/2019 Jsf1 Do Junos Cli
53/66
46 Day One: Exploring the JUNOS CLI
The commit completemessage tells you that the new configuration is
up and running on the device:[edit]
mike@juniper1# commitcommit complete
ALERT! By default, if more than one user is modifying the configuration,committing the configuration saves and activates the changes of allusers (unless a user is in configure private mode, see pages 34-35).
The commit confirmed command
Are you among those of us who have made the mistake of addingsecurity to a remote box, only to discover the new firewall locked youout of the very interface that you were using to access the device? Doyou have a story about the time you accidently isolated a remote boxand then had to jump in the car and drive for four hours in the middleof the night just to reset it? The commit confirmedcommand canprevent costly configuration mistakes by automatically rolling backproblematic configurations.
The commit confirmedcommand commits a candidate configurationfor 10 minutes. If you dont then follow up with a second commit, thedevice automatically rolls back to the previous configuration. You can
use the commit confirmedcommand anytime you want a safety netagainst potential configuration problems:
[edit]
mike@juniper1# commit confirmedcommit confirmed will be automatically rolled back in 10 minutes
unless confirmed
commit complete
If everything looks good, then you need to committhe new configura-tion a second time for the configuration to become permanent:
[edit]
mike@juniper1# commit
commit complete
If you do not confirm the configuration by entering a second commitcommand, the CLI will roll back the device to the previous active con-figuration at the end of the 10 minutes. In this way, if you have acci-dently isolated the device, you simply need to wait for the roll backinstead of agonizing over how you are going to otherwise undo yourmistake:
-
7/31/2019 Jsf1 Do Junos Cli
54/66
Chapter 4: Discovering Configuration Mode
Broadcast Message from root@juniper1
(no tty) at 08:10:17 UTC
Commit was not confirmed; automatic rollback complete.
After the device rolls back, check for errors in the candidate configura-tion, and then try the commitagain.
You can alter the time that the device waits before rolling back byadding a wait-time (in minutes) to the command:
[edit]
mike@juniper1# commit confirmed 2commit confirm will be automatically rolled back in 2 minutes
unless confirmed commit complete
BEST PRACTICE When you are configuring remote devices, always use the commitconfirmed command to activate your candidate configuration. Eventhe most experienced JUNOS users want the insurance policy itprovides to their work, and many have a story to tell about the day itsaved them from their own mistake and lots of extra work.
Automating Everyday Tasks
You can optimize your work by adding automated scripting to yourrepertoire. JUNOScript lets you automate, in your own way, bothconfiguration and operational CLI commands. Using automated
scripting can not only save you time, but can also reduce downtime bypreventing configuration errors and speeding problem resolution andrestoration.
Commit scripts enable customized checks of configurations to ensurethat they are in compliance with your network standards and policies.Op and event scripts can receive command output, inspect it, anddetermine the next appropriate actionrepeating the process until aproblems source has been found.
MORE? For instructions on implementing scripts, see the Configuration andDiagnostic Automation Guide atwww.juniper.net/techpubs/.
-
7/31/2019 Jsf1 Do Junos Cli
55/66
48 Day One: Exploring the JUNOS CLI
Rolling Back the Configuration
Whenever you commit the candidate as the new active configuration,JUNOS Software automatically saves a copy of the replaced active file.As you store each newly replaced configuration, all the prior configura-tion files move back one version number further in the configurationarchive. Each device can store up to 49 of the most recently activeversions along with the current active configuration (also known asrollback 0).
You can access this configuration archive using the rollbackcom-mand, including the number of versions you want to go back. Returnto the most recent previous configuration file using the rollback 1
command:[edit]
mike@juniper1# rollback 1load complete
The rollbackcommand loads the requested archive as the candidatefile. If you want to use it immediately, first make sure its what youwant by using theshowcommand, and then activate it with the commitcommand:
[edit]
mike@juniper1# show
[edit]
mike@juniper1# commitcommit complete
This automatic backup mechanism lets you return quickly to a previ-ous configuration for immediate use or for fast updates.
ALERT! Dont forget its necessary to commit the candidate file to actuallyactivate the selected rollback file as the running configuration.
TIP If you arent sure what differences exist between the active (running)configuration and a rollback file, investigate with the show | comparecommand:
[edit interfaces]
mike@juniper1# show | compare rollback 2
[edit interfaces]
The rollback rescue
command loads the rescue
configuration file (see the
BEST PRACTICE tip on page
28 for more info).
-
7/31/2019 Jsf1 Do Junos Cli
56/66
Chapter 4: Discovering Configuration Mode
- fe-3/0/1 {
- vlan-tagging;
- unit 240 {- vlan-id 240;
- family inet {
- address 10.14.250.1/28;
- address 10.14.250.17/28 {
- preferred;
- }
- address 10.14.250.33/28;
- address 10.14.250.49/28;
- address 10.14.250.65/28;
- }
- }
- }
TIP Use the question mark with the rollbackcommand to list the fullarchive:
[edit]
mike@juniper1# rollback ?Possible completions:
Execute this command
0 2009-01-31 04:34:56 UTC by mike via cli
1 2009-01-31 04:30:03 UTC by mike via cli
2 2009-01-30 06:23:44 UTC by mike via cli
48 2008-11-03 08:00:03 UTC by mike via cli
49 2008-11-03 07:45:21 UTC by mike via cli
| Pipe through a command
TIP To reset the candidate configuration to the currently active configura-tion use the rollback(or rollback 0) command.
Preparing System Changes in Advance
The JUNOS CLI provides options for making system changes inadvance. These options can remain inactive parts of your configurationuntil needed or become scheduled elements with a set activation time.
Preconfiguration of New Hardware
Unlike other systems, JUNOS Software lets you prepare for an installa-tion before actually installing the hardware. The software simplyignores any parts of the running configuration that are irrelevant to
-
7/31/2019 Jsf1 Do Junos Cli
57/66
50 Day One: Exploring the JUNOS CLI
the existing hardware installation. Whenever the hardware becomes
available, the newly added section of the configuration then becomesactive.
The option to set up a configuration prior to hardware install is quiteuseful, especially when the person installing the hardware is differentthan the person configuring the device, a common occurrence forremote boxes. Here is a configuration for fe-3/0/0, for example, whichcould be installed tomorrow:
[edit]
mike@juniper1# edit interfaces fe-3/0/0 unit 0
[edit interfaces fe-3/0/0 unit 0]
mike@juniper1# set family inet address 192.168.1.254/24
[edit interfaces fe-3/0/0 unit 0]
mike@juniper1# commitcommit complete
The commit at command
Sometimes you want to prepare configuration changes for activation ata specific time, such as during a maintenance window. The commit atcommand provides this option:
[edit]
mike@juniper1# commit at 02:00:00commit check succeeds
commit will be executed at 2009-02-02 02:00:00 UTC
Exiting configuration mode
mike@juniper1>
To display any pending commits (and the commit history), enter theshowsystem commit command. You can cancel a pending commit withthe clear system commit command.
mike@juniper1>clear system commitPending commit cleared
The deactivate command
You can also make configuration changes and mark them as inactiveuntil you are ready to use them. The device ignores these portions ofthe configuration as though they were not even defined. In this exam-
-
7/31/2019 Jsf1 Do Junos Cli
58/66
Chapter 4: Discovering Configuration Mode
ple, a new BGP neighbor at 192.168.1.1 is configured but left deacti-vated, until the session is ready to be introduced:
[edit]
mike@juniper1# edit protocols bgp group internal
[edit protocols bgp group internal]
mike@juniper1# set neighbor 192.168.1.1
[edit protocols bgp group internal]
mike@juniper1# deactivate neighbor 192.168.1.1
[edit protocols bgp group internal]
mike@juniper1# showtype internal;
local-address 10.14.243.255;
export [ nhs accept-aggregates ];
neighbor 10.14.243.254;
inactive: neighbor 192.168.1.1;
[edit protocols bgp group internal]
mike@juniper1# commitcommit complete
When youre ready to make the change, you just acti